quasar | 02d23f91859aa28a823d9b082129137836289a5bb11bae498689515a22072b16 | Triage

Submit
Reports

Overview

overview

Static

static

anti-anti-afk.exe

windows10-ltsc_2021-x64

Sharing

General

Target

anti-anti-afk.exe
Size

1.6MB
Sample

250413-dv47yaxzfv
MD5

65aa3c881c733d7dddb867f4df56c316
SHA1

568313bc4a3eaba39da891becee3b752cec87337
SHA256

02d23f91859aa28a823d9b082129137836289a5bb11bae498689515a22072b16
SHA512

adaac864a3c834bd7bd48093d4f84e84117606cf154516292afb79bfad2ebfe80938ee88f2fff1b34fe3e17fe0305ffacd5d7132c8e1c12e0f69df05e182a2d2
SSDEEP

49152:aMfQfiZ7q/ruyE3SSY0wYkZvUwORp/sc:aMfT/iiYvUwOd

Score

10^/10

quasar revengerat colt discovery spyware stealer trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

anti-anti-afk.exe

Resource

win10ltsc2021-20250410-en

quasar revengerat colt discovery spyware stealer trojan

windows10-ltsc_2021-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

colt

C2

66.113.31.17:7547

Mutex

KYS-INF&G^TT*^N

Attributes

encryption_key
70241AEB531B22CC4A2F1CDAD4B909EAB6831EBD
install_name
svchost.exe
log_directory
colt logs
reconnect_delay
100
startup_key
svchost.exe
subdirectory
rundll32

Targets

- Target
  
  anti-anti-afk.exe
- Size
  
  1.6MB
- MD5
  
  65aa3c881c733d7dddb867f4df56c316
- SHA1
  
  568313bc4a3eaba39da891becee3b752cec87337
- SHA256
  
  02d23f91859aa28a823d9b082129137836289a5bb11bae498689515a22072b16
- SHA512
  
  adaac864a3c834bd7bd48093d4f84e84117606cf154516292afb79bfad2ebfe80938ee88f2fff1b34fe3e17fe0305ffacd5d7132c8e1c12e0f69df05e182a2d2
- SSDEEP
  
  49152:aMfQfiZ7q/ruyE3SSY0wYkZvUwORp/sc:aMfT/iiYvUwOd
Score

10^/10

quasar revengerat colt discovery spyware stealer trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Revengerat family
  revengerat
- RevengeRat Executable
  stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarrevengeratcoltdiscoveryspywarestealertrojan

© 2018-2025

Terms | Privacy